This thesis paper addresses the vulnerability of Deep Neural Networks (DNNs) to adversarial attacks. We introduce Multi-Scale Inpainting Defense (MSID), a novel adversarial purification method leveraging a pre-trained diffusion denoising probabilistic model (DDPM) for targeted perturbation removal. MSID employs a four-step process: (1) multi-scale superpixel segmentation, (2) occlusion sensitivity map generation at multiple scales to identify important regions for inference, (3) targeted inpainting using the DDPM, and (4) artifact removal using Variance Preservation Sampling. We investigate the effectiveness of diffusion-based inpainting for robust defense, the impact of multi-scale occlusion sensitivity mapping, and the robustness of MSID against a set of adversarial attacks, including color-based attacks. Our experiments demonstrate that MSID outperforms existing adversarial purification methods, achieving robustness improvements of up to 5.42% on CIFAR-10 and 10.75% on ImageNet against AutoAttack, with further gains against PGD and unseen attacks, while maintaining high standard accuracy. This paper, to the best of our knowledge, is the first to apply DDPM inpainting for targeted adversarial purification and demonstrates its effectiveness in purifying a range of adversarial attacks.

Organisations are becoming more conscious and deploying more and more security tools to ensure they are adequately protected against cyber-attacks. That means two things: (i) those extra tools inherently augment companies’ attack surface, and (ii) the Security Operations Centre (SOC) gets overwhelmed with the number of false positives those tools generate – leading to attack fatigue. In many cases, the SOC team cannot get through all alerts properly, allowing potential attacks to go unnoticed or be caught much later. Moreover, within a typical CISO organisation, the analysis of “attack” and “defence” data is done somewhat in silos. That means vulnerability data, red-team exercises, and the several available defence tooling data are not looked at as one.

Our work proposes an innovative way to bridge the gap between vulnerability data (CVEs) and security alert data originating from multiple security tools that protect servers using MITRE ATT&CK tactics. That would provide more context to the alerts which would be useful in their classification as attacks or false positives. We use DeBERTa (Decoding-enhanced BERT with Disentangled Attention), a deeplearning state-of-the-art model, to map CVE descriptions to MITRE ATT&CK tactics. Then, we map security alerts to MITRE ATT&CK tactics, which will be used as input to a context-enriched machinelearning model (by CVEs and tactics). That machine-learning model is used to classify security alerts as malicious or benign. We tested our approach using over 5.5 million security alert data combined with red-team exercise attacks and incident response labelling from the company, a large international organization with over 60,000 employees. Our CVE+tactic model (without hyperparameter tuning) detects 64% more true positives than the machine-learning model without that information. In addition, the SOC needs to investigate less than 1400 alerts to catch the red-team attacks in our test set, compared to more than 5500 generated by the model without CVE and tactics. Moreover, assuming a standard response time of 8 minutes per alert, this improved model would save the SOC team up to 550 person hours. That yields a model that catches red-team attacks without overwhelming the SOC with too many false positives.

With the rise of new space, space missions are becoming increasingly more accessible. This is caused by the increased use of commercial-off-the-shelf components as well as the possibility of having multiple parties operating on a single satellite platform. This development combined with a new attitude towards the security of these systems has exposed some flaws in current designs. These concerns are in the lack of defense-in-depth measures on board the satellite and the fully trusted nature of the internal bus. In this thesis we perform a high-level risk analysis for CubeSat missions and map them to the SPACE-SHIELD framework. We then implement several mitigations based on the identified risks, with a focus on less explored research areas. The performance of the mitigations is then evaluated in order to test their viability for use in the industry. We provide a simulator setup for testing and evaluating the mitigations. In order to improve the security of CubeSats we ran several fuzzing campaigns, which have led to the discovery of potentially vulnerable sections of code. Furthermore, we implemented mitigations to achieve network segmentation and end-to-end security on the internal bus of the device. The authenticated encryption scheme implemented for end-to-end security uses the NIST standard for lightweight cryptography known as Ascon. The measurements show that our reference implementation of this AEAD scheme has an overhead of 15% for message payload sizes of 200 bytes. Lastly, we contribute to several entries in the SPACE-SHIELD framework which were lacking before.

Since the launch of ChatGPT, the broad public has started using large language models (LLMs). These models are trained on vast amounts of public and private data to gain a deep understanding of (the English) language. Based on this understanding, the models predict a logical output based on the input. However, this comes with risks, as recent studies have shown. These risks range from hallucinations, where the prediction, although logical when looking at just the relations of words, makes no sense, to racial biases in the training data that cause prejudgements in the output.

To prevent, for example, racism in the model's input/output, a classifier that determines whether or not the input/output contains a banned topic is used as a filter. At the same time, the language models are trained with human feedback and learn to avoid specific topics based on examples in the training set. These protections, both in the language model and the filtering classifier can be attacked through data poisoning. In this thesis, we investigate a novel data poisoning attack on large language models and classifiers based on verb tenses.

Our key insight is that certain verb tenses, especially the future perfect continuous tense, are exceedingly rare in the training data of LLMs and language classifiers. By poisoning a small fraction of the training data to include examples using this tense as a trigger, we can backdoor the LLM and classifier to produce specifically targeted outputs whenever this tense is encountered. Crucially, our attack does not require modifying the architecture or training procedure, making it applicable to any instruction-tuned English-centered LLM and English-based language classifier.

Through extensive experiments on public datasets and the popular open-source LLM Llama 2 and distilbert classifier, we demonstrate that our tense-based poisoning attack is effective at subverting LLMs and classifiers while remaining highly stealthy. Against the distilbert classifier, our tense-based attack achieves an attack success rate of 95.8% with just 0.5% poisoning. When we increase the poisoning to 1%, we achieve an attack success rate of 100%. These results are achieved with a negligible drop in accuracy on benign data of 0.1%.

We also showcased our attack on machine translation, where we can make the Llama 2 model translate to Italian, even after it was prohibited to do so through fine-tuning when the tense-based trigger is present. Against Llama 2, we achieved an attack success rate up to 76.8% while incurring less than a 1% drop in accuracy on benign data. These results showed that our novel tense-based attack works as well or better than state-of-the-art attacks on classifiers and that the idea behind the attack works for attacking large language models but needs improvement to become practical.

One distinguishable feature of file-inject attacks on searchable encryption schemes is the 100% query recovery rate, i.e., confirming the corresponding keyword for each query. The main efficiency consideration of file-injection attacks is the number of injected files. In the work of Zhang et al. (USENIX 2016), log_2|K| injected files are required, each of which contains |K|/2 keywords for the keyword set K. Based on the construction of the uniform (s,n)-set, Wang et al. need fewer injected files when considering the threshold countermeasure. In this work, we propose a new attack that further reduces the number of injected files where Wang et al. need up to 38% more injections to achieve the same results. The attack is based on an increment (s,n)-set, which is also defined in this paper.

This paper investigates the effectiveness of various clustering algorithms in detecting collaborative Internet scanning groups. The packet dataset used is collected from TU Delft's network telescope, and is aggregated into scanning sessions and analyzed using K-Means, Hierarchical Clustering, Density-Based Spatial Clustering of Applications with Noise (DBSCAN), Clustering Using Representatives (CURE), and Bradley-Fayyad-Reina (BFR). This paper also introduces an evaluation framework based on five degrees of certainty to assess the likelihood that a cluster is collaboratively scanning. The findings indicate that DBSCAN consistently outperforms other methods in identifying collaborative scanning groups, while CURE shows superior performance to BFR, K-Means, and Hierarchical Clustering. It is hoped that these insights help provide a strong foundation for enhancing network security through improved detection of collaborative scanning behaviors.

Port-Scanning is a popular technique that helps detect open ports to connect to on the internet, with both benign and malicious applications. While methods have been developed to detect scans coming from one source, adversaries have started to distribute their scans among multiple hosts. Detecting these collaborative scanners, however, is a difficult task, and no established method has emerged yet. In this paper, we propose a method to cluster scanning groups from network telescope data based on the assumption that scanners working together will have similar behavioral features. An evaluation framework based on address space coverage and overlap is introduced and the performance of two clustering algorithms, HDBSCAN and DBSCAN, is compared. A clear indication was found that only relying on behavioral features and applying unsupervised clustering techniques can result in incomplete groups or clusters with more than one group inside, with HDBSCAN generally performing better than DBSCAN. The effectiveness of the evaluation framework is also discussed, as some of the identified groups indicated overlaps, but manual analysis reveals that they have the potential to belong to a single party.

The first step of many cyber attacks is the reconnaissance phase. One of many reconnaissance methods employed by adversaries is internet-wide scanning, which
probes the entire internet to find which hosts have open ports. These scans are practically
impossible to detect by a firewall or Intrusion Detection System if an attacker chooses to
distribute their scan on multiple hosts. Many of these scans embed a fingerprint in their
packets, which can easily be detected if they are known. Previous studies have developed
an algorithm that is able to identify these fingerprints, but they were not able to identify
fingerprints for large portion of their data. This study proposes an iterative approach
using stratified sampling, in order to see how this affects accuracy. An experiment showed
the algorithm is able to identify fingerprints for sets of packets that make up less than
0.5% of all packets, and less than 0.0001% of sources. Analysis of the fingerprinted groups
indicated that these groups are not part of a collaborative scanner, but hold for the same
fingerprint by coincidence.

Port scanning is a technique often used by adversaries to detect vulnerable services running on a machine. There are defense mechanisms in place that can detect fast, single-source port scanning, but one of the ways to remain hidden is to distribute the scan between multiple hosts. These distributed groups of machines can divide the address space and collaboratively scan the whole Internet within minutes and remain relatively hidden.
This paper proposes a simple method to detect these collaborative scanners based on the TCP/IP header and demonstrates its efficiency. It also tracks these scanners for a longer period and describes their behavior and how they develop over time. This includes the infrastructure they utilize, the specific ports they target, and additional relevant details. This perspective has not been previously explored in the academic literature and we find it to be important such that defenders get a better understanding of the threats they are facing.

Detecting distributed scans is crucial for understanding network security threats. This research uses an algorithmic approach to identify collaborative ZMap scanning activities in the network telescope data from TU Delft. ZMap is a high-speed network scanner capable of scanning the entire IPv4 address space. The main research question centers on creating an algorithm for detecting these distributed scans. The research method includes analyzing network telescope data, examining ZMap packets and modifying the set cover algorithm to detect collaborative ZMap scans. Key contributions include adapting the set cover algorithm to find sources that perfectly cover the entire destination address range without overlaps, which is a unique feature of ZMap scans. Results indicate that this method effectively identifies coordinated scanning activities. It is concluded that utilizing network telescope data and an adapted version of the greedy set cover algorithm significantly improves the detection of distributed scanning operations using ZMap.

This paper explores Distributed Reflective Denial-of-Service (DRDoS) attacks, a variant of Distributed Denial-of-Service (DDoS) attacks that leverage publicly accessible UDP servers to amplify traffic towards a target. These attacks, accounting for over half of all DDoS cases in 2023, are significant threats to online services due to their potential to generate traffic volumes in the Tbps range. Despite existing research on DDoS attack vectors and techniques, there remains a gap in tools for identifying potential amplification sources within specific networks. This paper aims to fill that gap by identifying and measuring amplification hazards in the Dutch IP range, focusing on DNS, NTP, and Memcached protocols. Our findings reveal significant amplification potentials, particularly within NTP and Memcached servers, and highlight the influence of factors such as EDNS0 buffer size on DNS amplification.

Distributed reflection denial-of-service (DRDoS) attacks are a type of cyberattack where a malicious actor sends requests to public and open servers on behalf of the victim by spoofing their IP address. The traffic generated by the corresponding responses is directed towards the victim (whose IP address appeared as the source address of the initial packets), potentially exhausting their bandwidth. These attacks have kept becoming more powerful over the years.
This thesis presents a measurement study of three well-known protocols, where we assess the amplification potential of hosts located in Greece running these protocols. We find that DNS remains the most vulnerable protocol to amplification; the top 250 hosts can cumulatively amplify the traffic by 32,000×. Furthermore, we discover that the “ANY” query type and the improperly configured DNS extension (EDNS0) are two significant causes of DNS amplification. Lastly, we also find hosts vulnerable to looping attacks, a novel threat in the context of DDoS attacks.

Distributed Reflection Denial-of-Service (DRDoS) attacks remain among the most damaging cyber threats, leveraging vulnerable UDP-based protocols to amplify traffic and overwhelm targets. Our measurement study investigates the amplification potential of three commonly exploited protocols: DNS, NTP, and Memcached, within the context of the network infrastructure in Belgium and Luxembourg. By analysing amplification factors through various query strategies, we aim to identify potential vulnerabilities and correlations between factors that influence the weaponisation of these protocols. We also investigated application-layer looping vulnerabilities, also known as “Loopy”. Our findings indicate that despite protocol hardening, significant risks remain, particularly with improperly configured DNS servers and not updated NTP and Memcached versions.

Amplification Distributed Denial of Service attacks require networks that do not drop packets with spoofed IP addresses and servers open to the Internet running UDP protocols with amplification potential. These attacks have the potential to overwhelm large network links and disrupt the availability of the largest network infrastructures. While multiple studies exist addressing vulnerable protocols and exploring solutions for collaborative mitigation of such attacks, there is the unaddressed issue of stopping exploitable servers from being deployed in the first place. In this paper, we investigate such servers located in Sweden running DNS, NTP, and Memcached services to learn what makes them vulnerable. After analyzing thousands of servers, we give insights into the current state of the Swedish network and find multiple DNS recursive resolvers amplifying bandwidth more than 100 times, authoritative DNS servers hosting domains with huge amounts of data, and NTP servers patched against old attacks but still providing significant amplification. We find that important parameters that shape the large DNS amplifiers include the choice of the EDNS buffer size, the truncation of responses exceeding it, and a lack of the “ANY” query limitation. NTP servers with debug commands accessible from the Internet have amplification potential, and no vulnerable Memcached servers were found in Sweden.

Amplification Denial of Service (DoS) attacks have been a persistent challenge in network security, with the consequences ranging from causing minor disruptions to substantial financial losses and irreparable damage to reputation.

In today's network environment, many infrastructures are not primary targets of amplification attacks but unwittingly aid them by sending large responses generated by spoofed packets to the potential victims. The ever-growing number of servers makes manual detection of vulnerable components impractical, emphasizing the urgent need for automated tools, which are currently lacking.

This paper investigates factors that affect amplification DoS attacks on three UDP-based protocols, DNS, NTP, and Memcached. Our analysis indicates that for DNS, factors such as the buffer size, replying to ANY queries, Resource Records (RR), and Name Servers (NS) per domain significantly impact the amplification potential. For Memcached, the key and value lengths substantially affect the amplification factor. Regarding NTP, the magnitude of amplification is influenced by the number of recently contacted clients, with the version being a critical determinant for the likelihood of attack success for both NTP and Memcached.

By incorporating these parameters, we propose the development of an automated tool capable of identifying such vulnerable components within network infrastructures.

The evolution of malware presents an ever-growing challenge to cybersecurity, impacting individuals, organisations, and nations alike. As malicious actors continue to adapt their tactics to bypass security measures, it becomes imperative to understand the evolutionary patterns of malware to stay ahead in the ongoing arms race between defenders and attackers. The complexity and sophistication of modern malware pose significant difficulties in detection and mitigation, making it crucial to unravel its evolving nature to enhance the existing defensive capabilities.

This research focuses on studying the evolutionary dynamics of malware, examining how variants emerge to circumvent existing security measures. Understanding the mechanisms through which malware evolves makes it possible to identify common patterns and develop strategies to predict the behaviour of certain malware. This work mainly encompasses Windows ransomware, particularly the Conti family, with an additional examination of the WannaCry and Ryuk families. The analysis was conducted primarily by applying dynamic malware analysis techniques to the samples. A total of 143 true-positive Conti samples, alongside 75 WannaCry and 21 Ryuk samples, were collected from reputable sources such as VX-Underground and Malware Bazaar. By utilising the ANY.RUN interactive sandbox for dynamic behavioural analysis, malware samples can be executed in a controlled environment and real-time behaviours, such as file modifications or registry changes, can be collected to discern the malware's underlying functionality and potential impact. In addition, the results obtained from Virustotal, a widely-used online malware scanning platform, are considered to get insights into the detection status of the analysed samples across multiple antivirus engines. Finally, Microsoft Defender Antivirus is utilised to classify the variants and eliminate false positives as much as possible. The tactics and techniques outlined in the MITRE ATT&CK Matrix are used to assess sample behaviour. This framework provides valuable insights into the observed behaviour of samples and the methods employed to achieve specific objectives.

The results answer the question "How do different variants of the malware families succeed in bypassing security measures?" and split the answer into three smaller ones. Overall, it can be observed that different ransomware share common traits, but differences over time and between variants and families can be seen. Some differences exist between the version of the operating system in which the malware is executed. Malware evolves, and the changes of the malware authors are reflected in their malware's behaviour and structure. Some changes persist, whereas new ways quickly replace others. By understanding the evolution and analysing the patterns that emerge, we can build our defences in a way that predicts incoming threats and creates a safer space for everyone.